cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Grieve <agri...@chromium.org>
Subject Re: Android JUnit Refactor Deletes Test for CVE
Date Thu, 12 Feb 2015 02:42:49 GMT
Ah, just saw this after responding to the other thread. It was an accident.

On Wed, Feb 11, 2015 at 4:48 PM, Joe Bowser <bowserj@gmail.com> wrote:

> Responding via private list because this is about a security issue.
>
> Andrew, your refactor deleted a very important JUnit test, the
> SabotagedActivity test is very important for a past CVE where intents could
> be randomly sent to Cordova and executed remotely.  I want to know why this
> code was deleted, and what will be done to reproduce this test case.
>
> I think that you deleting this use case opens us up to serious regressions
> that could put us at risk, and I would like your justification for that.
>
> Joe
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message